- Add policy to make dbus/nm-applet work

2009-01-23 21:48:22 +00:00 · 2009-01-23 21:48:22 +00:00 · 6f376018b9
commit 6f376018b9
parent 14c9b9cdc6
1 changed files with 15 additions and 25 deletions
--- a/policy-20090105.patch
+++ b/policy-20090105.patch
@ -12881,7 +12881,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 /usr/libexec/hald-addon-macbookpro-backlight --	gen_context(system_u:object_r:hald_mac_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.6.3/policy/modules/services/hal.if
 --- nsaserefpolicy/policy/modules/services/hal.if	2008-11-19 11:51:44.000000000 -0500
-+++ serefpolicy-3.6.3/policy/modules/services/hal.if	2009-01-23 14:59:53.000000000 -0500
+++ serefpolicy-3.6.3/policy/modules/services/hal.if	2009-01-23 16:29:03.000000000 -0500
@@ -20,6 +20,24 @@
 ########################################
@ -12919,14 +12919,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -340,3 +355,60 @@
+@@ -340,3 +355,41 @@
 	files_search_pids($1)
 	allow $1 hald_var_run_t:file rw_file_perms;
 ')
 +
 +########################################
 +## <summary>
-+##	Read/Write hald PID files.
+##	Manage hald PID dirs.
 +## </summary>
 +## <param name="domain">
 +##	<summary>
@ -12934,13 +12934,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +##	</summary>
 +## </param>
 +#
-+interface(`hal_rw_pid_files',`
+interface(`hal_manage_pid_dirs',`
 +	gen_require(`
 +		type hald_var_run_t;
 +	')
 +
 +	files_search_pids($1)
-+	allow $1 hald_var_run_t:file rw_file_perms;
+	manage_dirs_pattern($1, hald_var_run_t, hald_var_run_t)
 +')
 +
 +########################################
@ -12961,25 +12961,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	files_search_pids($1)
 +	manage_files_pattern($1, hald_var_run_t, hald_var_run_t)
 +')
 +
 +########################################
 +## <summary>
 +##	Manage hald PID dirs.
 +## </summary>
 +## <param name="domain">
 +##	<summary>
 +##	Domain allowed access.
 +##	</summary>
 +## </param>
 +#
 +interface(`hal_manage_pid_dirs',`
 +	gen_require(`
 +		type hald_var_run_t;
 +	')
 +
 +	files_search_pids($1)
 +	manage_dirs_pattern($1, hald_var_run_t, hald_var_run_t)
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.3/policy/modules/services/hal.te
 --- nsaserefpolicy/policy/modules/services/hal.te	2009-01-19 11:06:49.000000000 -0500
 +++ serefpolicy-3.6.3/policy/modules/services/hal.te	2009-01-20 11:41:48.000000000 -0500
@ -22837,7 +22818,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.6.3/policy/modules/services/xserver.te
 --- nsaserefpolicy/policy/modules/services/xserver.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.3/policy/modules/services/xserver.te	2009-01-23 10:14:45.000000000 -0500
+++ serefpolicy-3.6.3/policy/modules/services/xserver.te	2009-01-23 16:45:11.000000000 -0500
@@ -34,6 +34,13 @@
 ## <desc>
@ -23337,6 +23318,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 modutils_domtrans_insmod(xserver_t)
@@ -742,7 +868,7 @@
 ')
 ifdef(`enable_mls',`
 -	range_transition xserver_t xserver_tmp_t:sock_file s0 - mls_systemhigh;
 +#	range_transition xserver_t xserver_tmp_t:sock_file s0 - mls_systemhigh;
 	range_transition xserver_t xserver_t:x_drawable s0 - mls_systemhigh;
 ')
@@ -774,6 +900,10 @@
 ')